PT-2025-1596 · WordPress · Infinitewp Client

Villu Orav +1

Published: 2025-01-08 · Updated: 2025-01-08

CVE-2024-10585

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: InfiniteWP Client plugin for WordPress, versions up to and including 1.13.0

Description: The issue allows unauthenticated attackers to read .txt files outside of the intended directory via the historyID parameter of the ~/debug-chart/index.php file. This makes it possible for attackers to access sensitive information.

Recommendations: For versions up to and including 1.13.0, consider disabling access to the ~/debug-chart/index.php file or restricting the use of the historyID parameter until a patch is available. Avoid using the historyID parameter in the affected API endpoint until the issue is resolved.
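The weakness described above is a classic path-containment failure: a request parameter is turned into a filesystem path without confining the result to the intended directory. The following is an added, defensive illustration of how such a parameter can be handled safely; it is not InfiniteWP Client's code, and the base directory, the `<historyID>.txt` naming scheme and the handler layout are assumptions made for the example.

```php
<?php
// Added illustration (not the plugin's own code): map a user-supplied
// historyID to a .txt file and refuse anything that escapes the intended
// directory. $base_dir and the "<id>.txt" naming scheme are assumptions.

function resolve_history_file(string $base_dir, string $history_id): ?string
{
    // 1. Accept only an identifier shape. This rejects path separators,
    //    dot segments, NUL bytes and anything else that is not an ID.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $history_id)) {
        return null;
    }

    // 2. Build the candidate path from the validated identifier only; the
    //    extension is fixed by the code, never taken from the request.
    $candidate = $base_dir . DIRECTORY_SEPARATOR . $history_id . '.txt';

    // 3. Canonicalise both sides and require containment. realpath() also
    //    resolves symlinks and returns false for a missing file, which is
    //    treated as a rejection rather than an error to report in detail.
    $real_base = realpath($base_dir);
    $real_file = realpath($candidate);
    if ($real_base === false || $real_file === false) {
        return null;
    }
    $prefix = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real_file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real_file;
}

// Self-contained demonstration on a temporary directory (constructed data).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hist_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'abc123.txt', "sample history\n");

$cases = [
    'abc123',                 // allowed: exists inside the base directory
    'missing',                // rejected: well-formed but no such file
    '../other-dir/file',      // rejected: dot segments fail the ID check
    'abc123/../../secret',    // rejected: separators fail the ID check
    "abc123\0",               // rejected: NUL byte fails the ID check
];
foreach ($cases as $c) {
    $r = resolve_history_file($dir, $c);
    printf("%-26s => %s\n", json_encode($c), $r === null ? 'rejected' : 'allowed');
}

unlink($dir . DIRECTORY_SEPARATOR . 'abc123.txt');
rmdir($dir);

// In a request handler the call would look like (assumed layout):
//   $path = resolve_history_file(__DIR__ . '/history', $_GET['historyID'] ?? '');
//   if ($path === null) { http_response_code(404); exit; }
//   readfile($path);
```

Two points of the design matter for this class of bug. The identifier check alone is not the containment guarantee; the `realpath()` prefix comparison is, and the two together mean a future change to the naming scheme cannot silently reopen traversal. Because the advisory notes the endpoint is reachable without authentication, an authorization check (for WordPress, a `current_user_can()` capability test or a nonce for the expected caller) in front of this function is the other half of the mitigation.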

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-10585

Affected Products

Infinitewp Client